Overview

overview

10

Static

static

3

c0a42741ee...02.exe

windows7-x64

10

c0a42741ee...02.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    76s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    07-04-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe

  • Size

    919KB

  • MD5

    825d6049ba8600ee5fefd817ac5444b4

  • SHA1

    31c4dfbf7029c5ca8334042faaf906477be1ec17

  • SHA256

    c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02

  • SHA512

    43f30546ae519a902556412f5d0233a70c90181686e38dfe3c3751e462db91b0d189de1429f44805ba7bc188f5c5ff521eb26288f694f07f5868296f75d61bfa

  • SSDEEP

    24576:ID7x8JDwepWTu/g6YvOkAT5OdAP6tfKf2J9ObD:Ifx8JDwepWaOvOkANOdS6BT9gD

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 3276b4d5d73dc9de228691c8193c374f5c83ba83341cf9405130e0095f60437b
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Signatures

  • Avoslocker Ransomware

    Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    ransomwareavoslocker
  • Renames multiple (172) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
    "C:\Users\Admin\AppData\Local\Temp\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe"
    1⤵
      PID:2024
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:924
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" F:\GET_YOUR_FILES_BACK.txt
        1⤵
          PID:112

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • F:\$RECYCLE.BIN\GET_YOUR_FILES_BACK.txt
          Filesize

          1KB

          MD5

          c416bf3911487d819c45a4001a77b35f

          SHA1

          dc19ce5f2f104f710edf83f7efa617f0bc749f67

          SHA256

          76bbf445e90dffd6d609e98faad6f84f7dc99c5412026cfb1a6e224b1cb2e6e2

          SHA512

          b6ace2a4c58ec68a60b1e1640e5adc1abbc58c669bc0d24f1cc5e1a778d595b5c255c4cc0314f7b3e4a413759658c6c281dafaa59e1110d05119b17d00555e5d

          Download Submit